Web site attacks?

I had (hence the word had) a small website running from my home pc using webserver software. Had a dns w/ no-ip.com so family could get to web w/o typing ip address. My problem was..... I came home from work and my firewall was blinking and it said someone tried to attack my pc thru port 80 w/ the "CodeRed" worm. My firewall stopped the attack, but it made me uneasy, so I shut everything down, and closed any open ports.
My ? is, do all webs get attacked all of the time????

>>My ? is, do all webs get attacked all of the time????
Not constantly, but webservers get attacked on a regular basis, especially corporate webservers. If you plan on running a webserver, security should be one of your primary concerns.

It was probably an automated attack that scans for open ports and tries to push a virues to each one it finds. The days of a cracker actually taking the time to choose targets and attack them manually are all but gone. But that's a good thing because automated attacks are easier to use automated defenses against. :)

The particular 'probe' which has been seeking out your machine is a very old one. It is the result of a 'worm' on someone's PC somewhere which is randomly probing IP addresses. It's not specifically trying to get to your site, it's trying to locate an 'opening' somewhere so that it can continue its business. If your system is up to date with patches it won't be vulnerable anyway.

The machine the attack is originating from will belong to someone who is on the net without adequate protection in place. Such things are quite common, and the reason we have antivirus and firewalls in place.

This web appliance is likely the most secure single level server on the market. It is immune from all remote server level attacks including cracker, viruses, and worms.

The system runs Java web applications, utilizes domain based access controls or "compartments", effectively has a read only operating system with no command interface.

Its encryption technology is interesting, but my knowledge on such things is limited to the bare minimum to not bomb that CBK on the CISSP.

The site makes a lot of bold claims, but the majority of them are completely true, a few of the claims have a smidge of spin. For example the server cannot effectively protect objects from subjects in the same compartment even if the subject does not have explicit rights over the object. (multi-user web hosting for a simple example)

The true benefits of this system is the fact that it has essentially no administration requirements. Essentially no security configuration, no patching, no unusual access controls, no complicated rules files... I would guess that anyone who was familiar enough with computers to use MS Office could effectively run a secure and stable HYDRA server.